PMHF — Probabilistic Metric for Random Hardware Failures
PMHF is the ISO 26262-5 metric that quantifies the rate at which random hardware failures violate a safety goal. Numerically, it's the top-event probability per hour of operation. Each ASIL has its own PMHF target, and FTA is the standard's recommended deductive technique for computing the value the architecture actually achieves.
The targets
| ASIL | PMHF target | Per 1-year mission (8,760 h) |
|---|---|---|
| ASIL-A | < 1×10⁻⁶ /h | ≈ 8.8×10⁻³ |
| ASIL-B | < 1×10⁻⁷ /h | ≈ 8.8×10⁻⁴ |
| ASIL-C | < 1×10⁻⁷ /h | ≈ 8.8×10⁻⁴ |
| ASIL-D | < 1×10⁻⁸ /h | ≈ 8.8×10⁻⁵ |
The targets are per safety goal — a system with multiple safety goals must meet each independently.
How it's computed
PMHF is the time-derivative of the top-event probability of a fault tree where leaves are random hardware failures (parametrised by their failure rate λ, diagnostic coverage DC, and mission time). For typical electronic components with constant λ and small probabilities:
P(top, t) ≈ Σ over cut sets [ Π λ_i · t · (1 − DC_i) ]

PMHF = ∂ P(top, t) / ∂ t
For a properly redundant ASIL-D architecture, every cut set is order-2 or higher, and the safety mechanisms (which contribute the DC factors) are what suppress the rate from ~10⁻⁵/h (single-component λ) down below the 10⁻⁸/h target.
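The calculation above, carried through as an added example (not code from the standard or from this site's tooling). The names `Leaf`, `p_top`, `pmhf` and `meets_target`, the component failure rates and the diagnostic-coverage values are constructed for illustration; the targets are the ones in the table above.

```python
from dataclasses import dataclass
from math import prod

# PMHF targets per hour, copied from the table on this page.
TARGETS = {"ASIL-A": 1e-6, "ASIL-B": 1e-7, "ASIL-C": 1e-7, "ASIL-D": 1e-8}

@dataclass(frozen=True)
class Leaf:
    name: str
    lam: float  # failure rate λ, per hour
    dc: float   # diagnostic coverage DC, 0..1

    @property
    def residual(self) -> float:
        """Rate left after the safety mechanism: λ · (1 − DC)."""
        return self.lam * (1.0 - self.dc)

def p_top(cut_sets, t):
    """P(top, t) ≈ Σ over cut sets Π λ_i · t · (1 − DC_i) (small-probability approximation)."""
    return sum(prod(leaf.residual * t for leaf in cs) for cs in cut_sets)

def pmhf(cut_sets, t):
    """∂P(top, t)/∂t, taken analytically: a cut set of order n contributes
    n · t^(n−1) · Π λ_i (1 − DC_i). For n ≥ 2 the rate grows with t,
    so it is evaluated here at the end of the mission time."""
    return sum(len(cs) * t ** (len(cs) - 1) * prod(leaf.residual for leaf in cs)
               for cs in cut_sets)

def meets_target(cut_sets, t, asil):
    return pmhf(cut_sets, t) < TARGETS[asil]

MISSION_H = 8760  # 1-year mission, as in the table

# Constructed architecture 1: one channel, λ = 1e-5 /h, DC = 90 % -> order-1 cut set.
single = [(Leaf("channel", 1e-5, 0.90),)]

# Constructed architecture 2: two redundant channels, each DC = 99 % -> one order-2 cut set.
redundant = [(Leaf("channel_a", 1e-5, 0.99), Leaf("channel_b", 1e-5, 0.99))]

if __name__ == "__main__":
    for label, cut_sets in (("single", single), ("redundant", redundant)):
        rate = pmhf(cut_sets, MISSION_H)
        print(f"{label:9s} PMHF = {rate:.3e} /h  ASIL-D: {meets_target(cut_sets, MISSION_H, 'ASIL-D')}")
```

The single-channel design stays near 10⁻⁶/h and misses the ASIL-D target, while the order-2 cut set lands near 1.8×10⁻¹⁰/h at end of mission.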
What the ISO 26262-5 deliverable looks like
The standard expects three numbers per safety goal:
- PMHF — the headline rate, computed as above, compared against the ASIL target.
- SPFM (Single-Point Fault Metric) — fraction of single-point hardware faults covered by safety mechanisms. ASIL-D target: ≥ 99%.
- LFM (Latent Fault Metric) — fraction of latent dual-point faults covered. ASIL-D target: ≥ 90%.
The fault tree's role is to demonstrate the architecture has no unmitigated single-point fault and that the residual rate beats the PMHF target. Browse the worked AEB ASIL-B example for a concrete illustration.